Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 597538 (CVE-2016-3492, CVE-2016-3495, CVE-2016-5507, CVE-2016-5584, CVE-2016-5609, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5625, CVE-2016-5626, CVE-2016-5627, CVE-2016-5628, CVE-2016-5629, CVE-2016-5630, CVE-2016-5631, CVE-2016-5632, CVE-2016-5633, CVE-2016-5634, CVE-2016-5635, CVE-2016-7440, CVE-2016-8283, CVE-2016-8284, CVE-2016-8286, CVE-2016-8287, CVE-2016-8288, CVE-2016-8289, CVE-2016-8290)

Summary: <dev-db/mysql-5.6.34: multiple vulnerabilities (CPUOCT2016) (CVE-2016-{3492,3495,5507,5584,5609,5612,5616,5624,5625,5626,5627,5628,5629,5630,5631,5632,5633,5634,5635,8283,8284,8286,8287,8288,8289,8290})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: mysql-bugs
Priority: Normal Flags: kensington: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Whiteboard: A2 [glsa cve]
Package list:
=dev-db/mysql-5.6.34 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 599332    

Comment 1 Brian Evans Gentoo Infrastructure gentoo-dev 2016-10-19 20:38:14 UTC
Arches, please test and mark stable.
The test suite should pass following the official instructions.
Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances)

Target keywords:
=dev-db/mysql-5.6.34 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

# Official test instructions:
# USE='embedded extraengine perl ssl static-libs community' \
# FEATURES='test userpriv -usersandbox' \
# ebuild mysql-5.6.34.ebuild \
# digest clean package

# Parallel testing is enabled, auto will try to detect number of cores
# You may set this by hand.
# The default maximum is 8 unless MTR_MAX_PARALLEL is increased
export MTR_PARALLEL="${MTR_PARALLEL:-auto}"
Comment 2 Tobias Klausmann gentoo-dev 2016-10-21 15:18:05 UTC
Stable on alpha.
Comment 3 Agostino Sarubbo gentoo-dev 2016-10-22 11:33:28 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-10-22 11:33:58 UTC
x86 stable
Comment 5 Jeroen Roovers gentoo-dev 2016-10-23 07:45:03 UTC
Stable for PPC64.
Comment 6 Markus Meier gentoo-dev 2016-10-26 16:38:27 UTC
arm stable
Comment 7 Jeroen Roovers gentoo-dev 2016-10-31 07:41:56 UTC
Stable for HPPA.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2016-11-19 06:17:11 UTC
CVE-2016-8290 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8290):
  Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote
  administrators to affect availability via vectors related to Server:
  Performance Schema, a different vulnerability than CVE-2016-5633.

CVE-2016-8289 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8289):
  Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local
  users to affect integrity and availability via vectors related to Server:
  InnoDB.

CVE-2016-8288 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8288):
  Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and
  earlier allows remote authenticated users to affect integrity via vectors
  related to Server: InnoDB Plugin.

CVE-2016-8287 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8287):
  Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote
  administrators to affect availability via vectors related to Server:
  Replication.

CVE-2016-8286 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8286):
  Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote
  authenticated users to affect confidentiality via vectors related to Server:
  Security: Privileges.

CVE-2016-8284 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8284):
  Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and
  earlier allows local users to affect availability via vectors related to
  Server: Replication.

CVE-2016-8283 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8283):
  Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and
  earlier, and 5.7.14 and earlier allows remote authenticated users to affect
  availability via vectors related to Server: Types.

CVE-2016-5635 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5635):
  Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote
  administrators to affect availability via vectors related to Server:
  Security: Audit.

CVE-2016-5634 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5634):
  Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote
  administrators to affect availability via vectors related to RBR.

CVE-2016-5633 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5633):
  Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote
  administrators to affect availability via vectors related to Server:
  Performance Schema, a different vulnerability than CVE-2016-8290.

CVE-2016-5632 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5632):
  Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote
  administrators to affect availability via vectors related to Server:
  Optimizer.

CVE-2016-5631 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5631):
  Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote
  administrators to affect availability via vectors related to Server:
  Memcached.

CVE-2016-5630 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5630):
  Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and
  earlier allows remote administrators to affect availability via vectors
  related to Server: InnoDB.

CVE-2016-5629 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5629):
  Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and
  earlier, and 5.7.14 and earlier allows remote administrators to affect
  availability via vectors related to Server: Federated.

CVE-2016-5628 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5628):
  Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote
  administrators to affect availability via vectors related to Server: DML.

CVE-2016-5627 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5627):
  Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and
  earlier allows remote authenticated users to affect availability via vectors
  related to Server: InnoDB.

CVE-2016-5626 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5626):
  Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and
  earlier, and 5.7.14 and earlier allows remote authenticated users to affect
  availability via vectors related to GIS.

CVE-2016-5625 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5625):
  Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local
  users to affect confidentiality, integrity, and availability via vectors
  related to Server: Packaging.

CVE-2016-5624 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5624):
  Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote
  authenticated users to affect availability via vectors related to DML.

CVE-2016-5616 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5616):
  Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and
  earlier, and 5.7.14 and earlier allows local users to affect
  confidentiality, integrity, and availability via vectors related to Server:
  MyISAM.

CVE-2016-5612 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5612):
  Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and
  earlier, and 5.7.13 and earlier allows remote authenticated users to affect
  availability via vectors related to DML.

CVE-2016-5609 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5609):
  Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and
  earlier allows remote authenticated users to affect availability via vectors
  related to DML.

CVE-2016-5584 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5584):
  Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and
  earlier, and 5.7.15 and earlier allows remote administrators to affect
  confidentiality via vectors related to Server: Security: Encryption.

CVE-2016-5507 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5507):
  Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and
  earlier allows remote administrators to affect availability via vectors
  related to Server: InnoDB.

CVE-2016-3495 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3495):
  Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote
  administrators to affect availability via vectors related to Server: InnoDB.

CVE-2016-3492 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3492):
  Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and
  earlier, and 5.7.14 and earlier allows remote authenticated users to affect
  availability via vectors related to Server: Optimizer.
Comment 9 Agostino Sarubbo gentoo-dev 2016-12-19 14:38:29 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-12-19 15:15:08 UTC
ia64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-12-20 09:48:13 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 12 Brian Evans Gentoo Infrastructure gentoo-dev 2016-12-20 14:00:39 UTC
Cleanup complete
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2017-01-01 13:37:37 UTC
This issue was resolved and addressed in
 GLSA 201701-01 at https://security.gentoo.org/glsa/201701-01
by GLSA coordinator Thomas Deutschmann (whissi).